Project: Cloud Security Infrastructure

CSI will bring high-level and scalable security to popular cloud storage services. This includes strong encryption of user data, privacy-assured data sharing, two-factor authentication (2FA) of users, and support for PKI based digital signing of electronic information. CSI will combine knowledge and expertise from its Ps to enhance existing cloud services with strongly requested security functions. The Ensafer file-sharing and collaboration service is used in CSI as the case for the research and development of such high-level and scalable security for cloud storage services._x000D__x000D_The product Ensafer enables users to securely store documents on the Ensafer storage server and to share these documents with other users providing strong information privacy. The Ensafer client application provides the user interfaces to create, import, open, export and manage files and contacts, and to share and collaborate with other users. The Ensafer storage infrastructure provides basic services that the client application uses to store and access files. With strong encryption and careful key management, Ensafer makes sure that the user is in full control of who may access her documents. The complexity of encryption is hidden for the users, but all user data is always encrypted, both on the client computer and in the external storage infrastructure. The only exception is on the client computer when a user explicitly accesses the data, e.g. opens a file. User data never exists decrypted outside the client computer. The encryption keys needed to access the data are not even available for the external storage infrastructure. As a consequence it is not possible for the storage infrastructure (and the owners or managers of such infrastructure) to decrypt and access any user data._x000D__x000D_In CSI we will bring the Ensafer model of easy sharing and always-encrypted user data to other existing cloud services. Popular cloud storage services, like Dropbox Google Drive and Microsoft SkyDrive, provide user-friendly storage and synchronization services. They have become extremely popular among both private and corporate users. However, recently strong concerns on storing critical data in the cloud have been raised. Several examples of security breaches experienced with popular cloud services have demonstrated that such concerns have to be taken seriously._x000D__x000D_CSI will investigate how to apply a combination of user-friendly secure storage and sharing, scalable cryptography, and strong two-factor authentication and digital signing to a common storage infrastructure. The actual file storage and file synchronization will be performed by the underlying storage service (e.g. Dropbox, SkyDrive or an in-house file storage service)._x000D__x000D_The CSI security is based on a combination of symmetric and public-key encryption. Each file is assigned a new unique symmetric encryption key that can be used to securely encrypt and decrypt files efficiently. Symmetric encryption and decryption scale well for files of any sizes. Each symmetric key is stored in an encrypted form together with its file. The symmetric keys are encrypted with the user’s public-key. Sharing is achieved by encrypting a copy of the symmetric key of a file with the other user’s public key. The encryption and decryption of these encrypted symmetric keys are processing intensive, but in the common usage this is not a problem since the size of the symmetric keys are small compared to typical file sizes. The core feature of CSI is to use symmetric and public-key encryption in a user-friendly and scalable way to combine secure protection of user data with support for collaboration and sharing within existing cloud storage services._x000D__x000D_2FA improves the security of user authentication. This improved security enhances the trust a user has on who is able to access data she is sharing. It is also important when documents are digitally signed. In the project we want to bring a combination of 2FA and digital signing to the CSI cloud storage and collaboration product.

Acronym CSI (Reference Number: 7816)
Duration 01/03/2013 - 29/02/2016
Project Topic The purpose of CSI is to investigate how to achieve enhanced security to generic cloud storage services based on a combination of symmetric and asymmetric (public key) encryption, new approaches to authentication and digital signatures, and adaptive scalable cryptography.
Network Eurostars
Call Eurostars Cut-Off 9

Project partner

Number Name Role Country
3 Encap AS Partner Norway
3 Invenia AS Coordinator Norway
3 Sirrix AG Partner Germany